<!-- Check the sAction value from POST. Its value (Login or Register) determines which form was posted -->

<!-- If _POST[sAction] = Login, query database for matching record in tProfile. -->
<!-- DO NOT set local variables from _POST values, only sKeepLogin. -->
<!-- If record is found, set session variables (cookie if applicable) and redirect to MyProfile.php. -->
<!-- If record is not found, return error message. -->

<!-- If _POST[sAction] = Register, validate form. -->
<!-- Set local variables from _POST values (sFirstName, sLastName, etc). -->
<!-- Ensure sEmail and sUsername are not already present in tProfile table. -->
<!-- Ensure all required fields are present and of accurate type/length. -->
<!-- Enforce password policy. -->
<!-- If form is validated, create record, set session variables and redirect to MyProfile.php. -->
<!-- If form is not valid, return error messages. -->

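<?php
// Form handler for the profile pages. Dispatches on $_POST["sAction"]:
//   "sLogin"         -> check credentials, open a session, redirect to MyTraders.php
//   "Register"       -> insert a tProfile row, open a session, redirect to MyProfile.php
//   "Update_Profile" -> delete (sDeleteuser == "true") or update (== "false") the
//                       logged-in user's own tProfile row
//
// Every query is a mysqli prepared statement with bound values, so POST data never
// becomes part of the SQL text.  Passwords are stored as password_hash() output and
// checked with password_verify().
// NOTE(review): rows written by the earlier version of this script hold plaintext
// passwords; they will not verify until re-hashed, so migrate them before deploying.
//
// Nothing is echoed before header()/setcookie(): a redirect only works while the
// response body is still empty, and the old version printed every row first.

// The session must be opened before any output, for the same reason.
session_start();

include "Database_Open.php"; // assumed to define $con as a mysqli connection — confirm there

/**
 * Prepare, bind and execute a single statement.
 *
 * @param mysqli $con    open connection
 * @param string $sql    statement text with ? placeholders
 * @param string $types  bind_param type string, one character per value ('' if none)
 * @param array  $params values in placeholder order
 * @return mysqli_stmt|false the executed statement (caller closes it), or false on failure
 */
function runStatement(mysqli $con, $sql, $types, array $params)
{
    $stmt = $con->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    if ($types !== '') {
        // bind_param takes references; unpacking a local array satisfies that.
        $stmt->bind_param($types, ...$params);
    }
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }
    return $stmt;
}

/**
 * Return a POST field as a string; a missing field yields '' instead of a notice.
 *
 * @param string $name
 * @return string
 */
function postField($name)
{
    return isset($_POST[$name]) ? (string) $_POST[$name] : '';
}

/**
 * True when a tProfile row already uses this e-mail address.
 *
 * @param mysqli $con
 * @param string $email
 * @return bool false also when the lookup itself fails
 */
function profileExists(mysqli $con, $email)
{
    $stmt = runStatement($con, "SELECT 1 FROM tProfile WHERE sEmail = ? LIMIT 1", "s", array($email));
    if ($stmt === false) {
        return false;
    }
    $one = null;
    $stmt->bind_result($one);
    $found = $stmt->fetch() === true;
    $stmt->close();
    return $found;
}

/**
 * Mark the session as belonging to $email, send the "user" cookie the other pages
 * read, and redirect.  Never returns.
 *
 * @param string $email
 * @param string $url
 */
function loginAndRedirect($email, $url)
{
    session_regenerate_id(true); // fresh id once authenticated, so a pre-set id cannot be reused
    $_SESSION['user'] = $email;
    $expire = time() + 30; //Set cookie duration: 30 secs
    // HttpOnly keeps the cookie out of document.cookie; path and domain stay at their defaults.
    setcookie("user", $email, $expire, "", "", false, true);
    header('Location: ' . $url);
    exit;
}

/**
 * Path stored in sPhoto for the uploaded picture.  basename() drops any directory
 * part the client puts in the file name, so the path stays under ../uploads/.
 *
 * @return string
 */
function uploadedPhotoPath()
{
    $name = isset($_FILES["file"]["name"]) ? (string) $_FILES["file"]["name"] : '';
    return "../uploads/" . basename($name); //stored in upload/imageName
}

$action = postField("sAction");

//login
if ($action === "sLogin") {
    $email    = postField("sEmail");
    $password = postField("sPassword");

    $storedHash = null;
    $stmt = runStatement($con, "SELECT sPassword FROM tProfile WHERE sEmail = ?", "s", array($email));
    if ($stmt !== false) {
        $stmt->bind_result($storedHash);
        $stmt->fetch();
        $stmt->close();
    }

    // One message for both "no such user" and "wrong password": distinct replies
    // would let anyone probe which e-mail addresses are registered.
    if ($storedHash === null || !password_verify($password, $storedHash)) {
        echo "invalid email or password";
    } else {
        loginAndRedirect($email, 'http://cs5339.cs.utep.edu/team1/Produce/MyTraders.php');
    }
}

//register new user:
if ($action === "Register") {
    $email    = postField("sEmail");
    $username = postField("sUsername");
    $password = postField("sPassword");

    if ($email === '' || $username === '' || $password === '') {
        echo "email, username and password are required";
    } elseif (profileExists($con, $email)) {
        echo "email already exists, try a different email";
    } else {
        include "upload_file.php"; //upload picture

        $stmt = runStatement(
            $con,
            "INSERT INTO tProfile (sFirstName,sLastName,sSchool,sEmail,sPhoto,sUsername,sPassword,sCity,sState)
               VALUES (?,?,?,?,?,?,?,?,?)",
            "sssssssss",
            array(
                postField("sFirstName"),
                postField("sLastName"),
                postField("sSchool"),
                $email,
                uploadedPhotoPath(),
                $username,
                password_hash($password, PASSWORD_DEFAULT),
                postField("sCity"),
                postField("sState"),
            )
        );
        if ($stmt === false) {
            echo "could not create profile";
        } else {
            $stmt->close();
            loginAndRedirect($email, 'http://cs5339.cs.utep.edu/team1/Produce/MyProfile.php');
        }
    }
}

//Update_Profile:
if ($action === "Update_Profile") {
    // The row is selected by the e-mail the session was opened with, so a request can
    // only touch the requester's own profile.  (The old version keyed on the posted
    // sFirstName with no login check, which hit every row sharing that first name.)
    if (!isset($_SESSION['user'])) {
        echo "not logged in";
    } else {
        $sessionEmail = (string) $_SESSION['user'];
        $deleteFlag   = postField("sDeleteuser");

        //delete user
        if ($deleteFlag === "true") {
            $stmt = runStatement($con, "DELETE FROM tProfile WHERE sEmail = ?", "s", array($sessionEmail));
            if ($stmt === false) {
                echo "could not delete user";
            } else {
                $stmt->close();
                unset($_SESSION['user']); // the row is gone; drop the login that pointed at it
                echo "user del";
            }
        }

        //update profile
        if ($deleteFlag === "false") {
            include "upload_file.php"; //upload picture
            $newEmail = postField("sEmail");

            $stmt = runStatement(
                $con,
                "UPDATE tProfile SET sFirstName=?, sLastName=?, sSchool=?, sEmail=?,
                 sPhoto=?, sUsername=?, sPassword=?, sCity=?, sState=? WHERE sEmail=?",
                "ssssssssss",
                array(
                    postField("sFirstName"),
                    postField("sLastName"),
                    postField("sSchool"),
                    $newEmail,
                    uploadedPhotoPath(),
                    postField("sUsername"),
                    // NOTE(review): an empty sPassword is stored as the hash of '' — confirm the form always posts one
                    password_hash(postField("sPassword"), PASSWORD_DEFAULT),
                    postField("sCity"),
                    postField("sState"),
                    $sessionEmail,
                )
            );
            if ($stmt === false) {
                echo "could not update profile";
            } else {
                $stmt->close();
                $_SESSION['user'] = $newEmail; // keep the session key in step with the stored e-mail
            }
        }
    }
}

mysqli_close($con);
?>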

